From macro to malware - a step by step analysis - Nettitude Labs
Common Information
Type | Value
UUID | c1c0b5c5-5b26-4e11-bf4a-627ac66645cc
Fingerprint | 2e299d2239b64641
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Oct. 3, 2016, 3:42 p.m.
Added to db | Jan. 18, 2023, 9:56 p.m.
Last updated | Nov. 17, 2024, 6:49 p.m.
Headline | From macro to malware – a step by step analysis
Title | From macro to malware - a step by step analysis - Nettitude Labs
Detected Hints/Tags/Attributes | 41/2/12
Attributes
Type | #Events | CTI | Value
Domain | 1 | | blog.w4kfu.com
Domain | 6 | | msitpros.com
File | 748 | | kernel32.dll
File | 1 | | jj814.exe
File | 1260 | | explorer.exe
sha256 | 1 | | dc8fd31ba535551021327eb3dff8adb7cba261e6f1796cb6f53fe95df46b4c05
sha256 | 1 | | 0d03fade2b60a0581d688e2631be65f77e40f4353b43d9e49bb751d780f6678b
sha256 | 1 | | 023081297dccdbed9c289d32b351ed02fc07fcf8a14486609abfabbb4d75566a
sha256 | 1 | | 5a0cf8a63f38d1f2797ff223048817a37851b2b10496189dc8285ef5e0aef37a
Url | 1 | | http://blog.w4kfu.com/tag/duqu.
Url | 1 | | https://msitpros.com/?p=3100
Windows Registry Key | 1 | | HKEY_USERS\S-1-5-21-4132500612-3697680674-1831287676-1000_CLASSES\http\shell\open\command